Re: Question: Integrating session user authentication/cgi interaction with static served items

[prev] [thread] [next] [Date index for 2005/02/11]

On Feb 11, 2005, at 2:19 PM, Perrin Harkins wrote:

> We use mod_auth_tkt, but it only supports apache 1.x.  I'd like to find
> something equivalent for 2.x.
>
> It is cookie-based and allows for different levels of auth.  A pretty
> useful mod, especially since you can share auth with web apps written 
> in
> PHP or Java.

I'm assuming that the mod_auth_tkt is this one:
	http://www.openfusion.com.au/labs/mod_auth_tkt/

I think that I could use that, or something similar.

Right now, I'm running mod_perl as Apache2/MP2

But I don't see why I can't run mod_auth_tkt as an apache1 server 
looking for validation for ht_docs, then recreate a compatible 
authticket generator using mod_perl (which i'd imagine is just an md5 
of a shared secret + configurable session vars)

I could probably even use some other server that just handles static 
serving and can handle cookies.
I thought about thttpd, and was looking at the performance chart here: 
http://www.acme.com/software/thttpd/serverperf.gif - which kinda makes 
apache look abysmal and zeus godlike.